This paper proposes a data security protection strategy of the SaaS mode -the SLA based SaaS Security Level. At the same time, it gives concept model and implementation architecture of the security scheme which based on the SaaS Security Level. The SLA based SaaS Security Level takes the requirements of tenants to the data security as a starting point, and it mainly relates to data security of the data center, data security of the servers and data security of the clients. This Security Level can better meet diversified users needs than the traditional security model. According to the tenants desired service number and the protection degree of data information, they can dynamically select different levels of the security strategies. Then, according to the dynamic changes of SLA, the SaaS vendors can adjust data protection strategy of the user timely. For supporting our SaaS Security Level, we build SSM (SaaS Security Model) test-bed. On the SSM test-bed, we have done some experiments, which confirmed our SaaS Security Level is feasible and easy to use.

 

DOI: http://dx.doi.org/10.11591/telkomnika.v11i7.2870

data Security; SaaS Security; SaaS Model; SaaS Level; SLA; test-bed